How to use external Freeradius Server to login WebGui needed
-
Is there any how-to / documentation on how to use an external FreeRADIUS server (on Debian) with user files (no LDAP / MySQL) to manage access to the WebGUI (not captive portal / OpenVPN / Squid)?
-
There are no pfSense docs that will tell you how to use the external RADIUS server itself.
But to tie any RADIUS server, on or off the firewall, to the User Manager you only need a few things:
1. Set your RADIUS server to return user groups in the "Class" reply attribute in a plain-text response, colon separated, e.g. Class := "admins;VPNUsers"
2. Make sure groups with the same names exist locally and have proper permissions
3. Add the RADIUS Server under System > User Manager on the Authentication Servers tab
4. Test it from Diagnostics > Authentication and be sure it shows the correct groups in the response
5. Activate it for use by the GUI under System > User Manager on the Settings tab
6. From a separate browser or incognito/private session, confirm you can log in
-
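An added example, not part of the original posts and not pfSense or FreeRADIUS code: a small Python check for steps 1 and 2 above that reads a FreeRADIUS `users` file, extracts each user's `Class` reply item, and reports which returned groups have no same-named local group. The sample file, user names, `LOCAL_GROUPS` set, exact-match comparison and the semicolon delimiter (taken from the example value in step 1) are assumptions, and the parser only handles the simple entry layout shown.

```python
import re

# Constructed sample of a FreeRADIUS "users" file (names and passwords are made up).
SAMPLE_USERS = '''\
# GUI administrators
alice   Cleartext-Password := "example-only-1"
        Class := "admins;VPNUsers"

bob     Cleartext-Password := "example-only-2"
        Class := "VPNUsers; netops"

carol   Cleartext-Password := "example-only-3"
        Reply-Message := "no groups"
'''

# Assumed: names of the groups that exist locally on the firewall (step 2).
LOCAL_GROUPS = {"admins", "VPNUsers"}

# Reply items sit on indented lines below the entry header.
CLASS_RE = re.compile(r'^\s+Class\s*:?=\s*"([^"]*)"')

def class_groups(users_text):
    """Map each user to the groups named in its Class reply item."""
    result, user = {}, None
    for line in users_text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue                      # skip blank lines and comments
        if not line[0].isspace():         # entry header: user name at column 0
            user = line.split()[0]
            result[user] = []
            continue
        m = CLASS_RE.match(line)
        if m and user is not None:
            result[user] = [g.strip() for g in m.group(1).split(";") if g.strip()]
    return result

def audit(users_text, local_groups):
    """Return {user: (groups with a local match, groups without one)}."""
    report = {}
    for user, groups in class_groups(users_text).items():
        matched = [g for g in groups if g in local_groups]      # exact-name match
        unmatched = [g for g in groups if g not in local_groups]
        report[user] = (matched, unmatched)
    return report

if __name__ == "__main__":
    for user, (ok, missing) in audit(SAMPLE_USERS, LOCAL_GROUPS).items():
        print(f"{user}: local groups={ok} no local match={missing}")
```

Reviewing the output before step 5 shows which accounts would land in a privileged group and which group names in the RADIUS file have no local counterpart.
-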
Perfect. That was much easier than expected. I will create a blog entry with some screenshots in the next few days. It will be in German, but they should be understandable.
-
Here you can find a German blog entry. Maybe the screenshots will help somebody else.
https://www.hagen-bauer.de/2017/07/pfsense-radius.html